Adldap2-Laravel
Unable to auth user with a NoDatabaseUserProvider
- Laravel Version: 5.7
- Adldap2-Laravel Version: 5.1
- PHP Version: 7.2
- LDAP Type: ActiveDirectory
Description:
I'm trying to log in with an email address (as userprincipalname) and password in a NoDatabaseUserProvider configuration, but Auth::attempt() always returns false. On the other hand, Adldap::auth()->attempt($request->userprincipalname, $request->password, $bindAsUser = true); returns true, and Adldap::search()->findBy('userprincipalname', $username) also works correctly. So, where am I wrong? :(
Thank you in advance.
config/auth.php
'providers' => [
    'users' => [
        'driver' => 'ldap',
    ],
],
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],
config/ldap_auth.php
'provider' => Adldap\Laravel\Auth\NoDatabaseUserProvider::class,
'model' => App\User::class,
'rules' => [
    Adldap\Laravel\Validation\Rules\DenyTrashed::class,
],
'scopes' => [
    Adldap\Laravel\Scopes\UpnScope::class,
],
'usernames' => [
    'ldap' => [
        'discover' => 'userprincipalname',
        'authenticate' => 'password',
    ],
    'eloquent' => 'username',
    'windows' => [
        'discover' => 'samaccountname',
        'key' => 'AUTH_USER',
    ],
],
App\Http\Controllers\Auth\LoginController
public static function username()
{
    return 'userprincipalname';
}

protected function login(Request $request)
{
    $credentials = [
        'userprincipalname' => $request->userprincipalname,
        'password' => $request->password
    ];
    if (Auth::attempt($credentials)) {
        // not working
    }
    if (Adldap::auth()->attempt($request->userprincipalname, $request->password, $bindAsUser = true)) {
        // it works
    }
}
login.blade.php
<input id="username" type="email" class="form-control{{ $errors->has('userprincipalname') ? ' is-invalid' : '' }}" name="userprincipalname" value="{{ old('userprincipalname') }}" required autofocus />
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" required>
UPDATE: maybe I've solved it by changing this:
'ldap' => [
    'discover' => 'userprincipalename',
    'authenticate' => 'password'
]
to this:
'ldap' => [
    'discover' => 'userprincipalname',
    'authenticate' => 'userprincipalname',
],
Can you confirm that this is the right way?
Hi @MoiseScalzo,
This is definitely the right way when using ActiveDirectory. The authenticate value is what to use as the user's username when calling ldap_bind() on your configured LDAP connection. Setting it to password won't work.
For example, in ActiveDirectory, a user's Distinguished Name or User Principal Name can be used as a username to bind to ActiveDirectory servers:
// Using UPN:
$userPrincipalName = '[email protected]';
ldap_bind($conn, $userPrincipalName, 'secret-password');
// Using DN:
$dn = 'cn=John Doe,ou=Users,dc=acme,dc=org';
ldap_bind($conn, $dn, 'secret-password');
So you can actually use either distinguishedname or userprincipalname as the value for the authenticate option. They will both work.
I hope I made it more understandable!
Are you able to successfully login now?
Hi @stevebauman, thank you very much for the clarification. Now login works correctly. Thanks.
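
An added illustration of the answer above (not part of the thread and not Adldap2-Laravel's own code): assuming the provider locates the entry by the `discover` attribute and then binds with that entry's `authenticate` attribute, this example resolves the bind name for the original and the corrected settings. `resolveBindUsername()` and `canAttemptBind()` are hypothetical helpers, and the entry is constructed sample data.

```php
<?php
// Added example; function names are hypothetical, not Adldap2-Laravel APIs.
// Bind names the answer above lists as usable with ActiveDirectory.
const BINDABLE_ATTRIBUTES = ['distinguishedname', 'userprincipalname'];

/**
 * Return the name to hand to ldap_bind() for a located entry, or null when
 * the configured `authenticate` attribute cannot supply one.
 * $entry has the shape of one ldap_get_entries() row (lower-case keys).
 */
function resolveBindUsername(array $entry, array $ldapUsernames): ?string
{
    $attribute = strtolower($ldapUsernames['authenticate'] ?? '');
    if (!in_array($attribute, BINDABLE_ATTRIBUTES, true)) {
        return null; // e.g. 'password', which is a credential, not a bind name
    }
    // ldap_get_entries() exposes the DN as a plain string under 'dn'.
    $value = $attribute === 'distinguishedname'
        ? ($entry['dn'] ?? null)
        : ($entry[$attribute][0] ?? null);
    return is_string($value) && $value !== '' ? $value : null;
}

/** Gate before ldap_bind(): require a resolved name and a non-empty password. */
function canAttemptBind(?string $bindUsername, string $password): bool
{
    // A simple bind with an empty password is "unauthenticated" (RFC 4513)
    // and some servers report success for it, so refuse it up front.
    return $bindUsername !== null && $password !== '';
}

// Constructed sample entry, not real directory data.
$entry = [
    'dn' => 'cn=John Doe,ou=Users,dc=acme,dc=org',
    'userprincipalname' => ['count' => 1, 0 => 'jdoe@acme.example'],
];
$configs = [
    'original' => ['discover' => 'userprincipalname', 'authenticate' => 'password'],
    'fixed'    => ['discover' => 'userprincipalname', 'authenticate' => 'userprincipalname'],
    'dn'       => ['discover' => 'userprincipalname', 'authenticate' => 'distinguishedname'],
];
foreach ($configs as $label => $usernames) {
    $bindAs = resolveBindUsername($entry, $usernames);
    printf("%-8s bind as %-36s attempt bind: %s\n", $label, $bindAs ?? '(none)',
        canAttemptBind($bindAs, 'secret-password') ? 'yes' : 'no');
}
// An empty password must never reach ldap_bind(), even with a valid name.
var_dump(canAttemptBind($entry['dn'], ''));
```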